| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 1 May 2017 12:46:48 +0200 From: Pablo Neira Ayuso <pablo@...filter.org> To: netfilter-devel@...r.kernel.org Cc: davem@...emloft.net, netdev@...r.kernel.org Subject: [PATCH 21/53] netfilter: nf_nat: Fix return NF_DROP in nfnetlink_parse_nat_setup From: Gao Feng <fgao@...ai8.com> The __nf_nat_alloc_null_binding invokes nf_nat_setup_info which may return NF_DROP when memory is exhausted, so convert NF_DROP to -ENOMEM to make ctnetlink happy. Or ctnetlink_setup_nat treats it as a success when one error NF_DROP happens actully. Signed-off-by: Gao Feng <fgao@...ai8.com> Signed-off-by: Pablo Neira Ayuso <pablo@...filter.org> --- net/netfilter/nf_nat_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c index fb0e65411785..5e35643da650 100644 --- a/net/netfilter/nf_nat_core.c +++ b/net/netfilter/nf_nat_core.c @@ -806,7 +806,7 @@ nfnetlink_parse_nat_setup(struct nf_conn *ct, /* No NAT information has been passed, allocate the null-binding */ if (attr == NULL) - return __nf_nat_alloc_null_binding(ct, manip); + return __nf_nat_alloc_null_binding(ct, manip) == NF_DROP ? -ENOMEM : 0; err = nfnetlink_parse_nat(attr, ct, &range, l3proto); if (err < 0) -- 2.1.4
Powered by blists - more mailing lists